Posting your location can have unintended consequences. A band of burglars in Nashua, NH was arrested for an estimated 50 burglaries in the area; the targets were chosen using information the burglars collected from social networks, including Facebook.

“Be careful of what you post on these social networking sites,” said Capt. Ron Dickerson of Nashua police. “We know for a fact that some of these players, some of these criminals, were looking on these sites and identifying their targets through these social networking sites.”

I did not realize that one of the benefits of OpenDNS is phishing protection:

PHISHING PROTECTION Phishing is the Internet scheme where you get a fake e-mail note from your bank about a problem with your account. When you click the link to correct the problem, you get a fake Web site, designed to look just like your bank’s — and by logging in, you unwittingly supply your name and password to the bad guys.

OpenDNS intercepts and blocks your efforts to visit the fake sites. It works like a charm.

Trend Micro’s research lab is reporting that the Koobface trojan continues to put unsuspecting Facebook users at risk. Because Koobface is really a bot, its Command & Control infrastructure can and does change the message and the link you receive to lure you to a page that will download the Koobface trojan onto your system.

You could ask, why can’t Facebook eradicate Koobface? Apparently, they are not seeing enough users canceling their accounts because of Koobface and other malware to warrant the investment.

Why not simply block Facebook? If the business side of the organization (sales and marketing) is OK with that, then blocking Facebook in the office is a reasonable step. There are two issues to consider:

Increasingly, sales and marketing departments want to take advantage of Facebook and other social networking sites to reach current and prospective customers.

Even if you do block social networking sites in the office, laptop users who travel or just use their laptops at home are at risk of being exploited by malware from social networking sites.

IRC-Junkie is reporting that researchers at TU Wien (Vienna University of Technology, Austria) have developed a software program that performs a "man-in-the-middle" attack between IRC users, causing them to click on malicious links at a 76% click rate. As opposed to impersonating a user and attempting to perform one side of the conversation, this program sits between two users and simply makes changes to the words and inserts malicious links.

The so-called "HoneyBot" is capable of influencing the ongoing conversation by “dropping, inserting, or modifying messages,” and the researchers assert that “if links (or questions) are inserted into such a conversation, they will seem to originate from a human user” and therefore the click probability will be “higher than in artificial conversation approaches”.

It seems to me that the high click rate is due to the lack of knowledge that such an attack is even possible, and therefore people are not in the least bit suspicious. If HoneyBots become more prevalent, people will be more on guard.

In any case, approach each link cautiously – hover over the link and inspect the URL that is displayed at the bottom of the browser. If you cannot determine exactly where the URL is going to take you, don't click on it.

Another thought: how long before we see this type of attack in the wild on Facebook?

Sunbelt has a detailed blog post on a ridiculously simple and obvious social engineering attack on Facebook users. The good news is that only 0.05% of Facebook users fell for it. The bad news is that the actual number of Facebook users who fell for it is 191,372. Given the ease of creating these attacks and the rewards to the attackers, they are not going to stop anytime soon.

The "quality" of phishing emails continues to improve. In other words, the attackers continue to make their phishing emails seem legitimate and thus trick more people into taking the emails' suggested actions. An article in Dark Reading this week discusses research done by F-Secure about new, more convincing, phishing attacks generated by the Zbot botnet which attempts to infect victims with the Zeus trojan. I wrote about how the Zeus trojan is used as a keylogger to steal banking credentials which enable funds transfer fraud.

While one might have considered the Dark Reading article a public relations piece for F-Secure, its validity was increased for me by Rich Mogull at Securosis, who wrote about "the first phishing email I almost fell for," i.e. one of these Zbot phishing emails.

If a security person like Rich Mogull, who has the requisite security "paranoia DNA," can almost be fooled, then the phishing attackers are indeed improving their social engineering craft.